Google Chrome is not so shiny

Google Chrome - Error messages, risky user agreements and security issues

It has been available for a little over 24 hours but Google’s latest venture is already spawning critics [BBC]. The new web browser, Google Chrome, is, at first sight, clean and simple to use; but many aspects are lacking and some features simply don’t work. The scroll feature as used by many laptop users with a touch pad fails to work as it should. Scrolling down works, if rather fast; but on reaching the bottom of the page it becomes stuck. The user is forced into using the arrow keys or the ‘home’ key to return to the top of the page.

Attempting to copy a link from the address bar into Microsoft Works Word Processor fails. Any such attempt results in this message appearing, “The information you copied exceeds the size limit for pasting into the Word Processor. Try reducing the size of you selection, and then copy and paste again”. Strangely, copying a link into a Word document does work and becomes an ‘active’ link. But copying the link into blogger also results in unexpected results. Paste the link from Google Chrome’s address bar and the link fails to become ‘active’ in the blogger compose page. As a result the link fails to show the full hyper text mark up language [html] if one subsequently switches to the ‘edit html’ page.

Other issues are much more serious. On Wednesday several tech websites put out a story that suggested users may be prone to virus attacks. The browser which is still in beta could result in so called carpet bombing attacks. Security researcher Aviv Raff discovered the bug within hours of Google Chrome‘s release on Tuesday. The bug is said to be an amalgam of an Apple Safari carpet bombing vulnerability with a Java glitch revealed at the Black Hat USA 2008. Raff posted proof on the concept exploit code on the vulnerability, demonstrating how the new Google Chrome bug enables users to unknowingly launch malicious executables directly from their browser.

A malicious hacker could entice users into downloading onto their Windows desktop a specially-crafted java archive file, typically with a social engineering ploy. Once a user opened a malicious link or visited a harmful website, malware would then be installed on the user's PC, which would get executed without warning.

However Google have said their browser does not pose a major risk and users have control over what they download and where they save it. Google said that by default, the new browser downloads files to a separate "downloads" folder, as opposed to the user's desktop. The "downloads" folder is not in the default DLL search patch, which subsequently avoids some potential security problems, Google said.

"This may be different for Vista depending on imported settings from the default browser, which may direct downloads to the desktop, but Vista security mechanisms help mitigate potential risk to users. Google Chrome takes things a step further by refusing to automatically download files, such as desktop.ini and *.local files, that have the potential to manipulate window preferences and change the order in which DLLs are loaded," said a Google spokesperson in an email. "However, should users wish to be prompted before each file download, they can enable this functionality by choosing 'Ask where to save each file before downloading' on the Minor Tweaks tab in the Options dialog."

Some have also questioned some privacy issues with the new browser. The auto-suggest feature of Google's new Chrome browser does more than just help users get where they are going. It will also give Google a wealth of information on what people are doing on the Internet besides searching. Provided users leave Chrome's auto-suggest feature on and have Google as their default search provider, Google will have access to any keystrokes that are typed into the browser's Omnibox, even before a user hits enter. It has many privacy advocates very hot under the collar [CNET].

On the plus side the browser does work faster. But if security becomes a major issue, Google’s new baby may get left behind in all the web traffic [News.com.au]. There were more worries for some users over the issues of copyright and protecting ownership of material. One blogger noted that part of the licensing agreement for Google Chrome was particularly frightening ...the EULA grants Google: 'a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through' [CNET].

But within hours of this being spotted Google rewrote its licensing agreement. Many critics suggested the language would allow Google to use any web content displayed in Chrome without getting copyright permission. However, Google said it borrowed language from other products, "in order to keep things simple for our users," when it inserted the copyright provision in the Chrome licence.

"Sometimes, as in the case of Google Chrome, this means that the legal terms for a specific product may include terms that don't apply well to the use of that product," Rebecca Ward, senior product counsel for Chrome, said in a statement. "We are working quickly to remove language from Section 11 of the current Google Chrome terms of service. This change will apply retroactively to all users who have downloaded Google Chrome." Well that's a relief ! [reseller.co.nz]